
Pests of all kinds and how to combat them: Online banking blocked. Trojan intercepted login credentials.


 
17.11.2010, 11:42 #16
Jojo66



So, here now is the long-awaited log from OSAM:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 11:39:05 on 17.11.2010

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.12

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "Sysinternals - www.sysinternals.com" - C:\WINDOWS\system32\pgdfgsvc.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"cronjob.job" - ? - C:\wget-1.10.2b\wget.exe  (File found, but it contains no detailed information)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"bdeadmin.cpl" - ? - C:\WINDOWS\system32\bdeadmin.cpl
"ifsdrives.cpl" - "Stephan Schreiber" - C:\WINDOWS\system32\ifsdrives.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"PPortJoy.cpl" - ? - C:\WINDOWS\system32\PPortJoy.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"IfsDrives" - "Stephan Schreiber" - C:\WINDOWS\System32\ifsdrives.cpl
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\WINDOWS\System32\DRIVERS\snapman.sys
"AsIO" (AsIO) - ? - C:\WINDOWS\System32\drivers\AsIO.sys  (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"Bluetooth HID Enumerator" (BTHidEnum) - ? - C:\WINDOWS\System32\Drivers\vbtenum.sys  (File not found)
"Bluetooth HID Manager Service" (BTHidMgr) - ? - C:\WINDOWS\System32\Drivers\BTHidMgr.sys  (File not found)
"Bluetooth Virtual Communications Driver" (BTDriver) - ? - C:\WINDOWS\System32\DRIVERS\btport.sys  (File not found)
"catchme" (catchme) - ? - C:\DOKUME~1\j***\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"CP210x USB Composite Device driver (WDM)" (slabbus) - ? - C:\WINDOWS\System32\DRIVERS\slabbus.sys  (File not found)
"CP210x USB to UART Bridge Controller Drivers" (slabser) - ? - C:\WINDOWS\System32\DRIVERS\slabser.sys  (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys
"ElbyDelay" (ElbyDelay) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyDelay.sys
"Ext2fs" (Ext2fs) - "Stephan Schreiber" - C:\WINDOWS\System32\DRIVERS\ext2fs.sys
"giveio" (giveio) - ? - C:\WINDOWS\System32\giveio.sys  (File found, but it contains no detailed information)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"IfsMount" (IfsMount) - "Stephan Schreiber" - C:\WINDOWS\System32\DRIVERS\ifsmount.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver" (RTLWUSB) - ? - C:\WINDOWS\System32\DRIVERS\wg111v2.sys  (File not found)
"NetGroup Packet Filter Driver" (npf) - "CACE Technologies" - C:\WINDOWS\System32\drivers\npf.sys
"NVR0Dev" (NVR0Dev) - "NVidia Corp." - C:\WINDOWS\nvoclock.sys
"Parallel Port Joystick Bus device driver" (PPJoyBus) - "Deon van der Westhuysen" - C:\WINDOWS\System32\drivers\PPJoyBus.sys
"Parallel Port Joystick device driver" (PPortJoystick) - "Deon van der Westhuysen" - C:\WINDOWS\System32\drivers\PPortJoy.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"Pcmcia" (Pcmcia) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\pcmciap.sys
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"Realtek EAPPkt Protocol" (EAPPkt) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\DRIVERS\EAPPkt.sys
"SjyPkt" (SjyPkt) - ? - C:\WINDOWS\System32\Drivers\SjyPkt.sys  (File not found)
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\speedfan.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"Steganos Live Encryption Engine 13 [Driver]" (SLEE_13_DRIVER) - ? - C:\WINDOWS\system32\drivers\SLEE13.sys  (File found, but it contains no detailed information)
"TAP-Win32 Adapter V8" (tap0801) - "The OpenVPN Project" - C:\WINDOWS\System32\DRIVERS\tap0801.sys
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\WINDOWS\System32\drivers\truecrypt.sys
"TTUSB2BDA USB 2.0 Driver" (TTUSB2BDA) - "TechnoTrend GmbH" - C:\WINDOWS\System32\DRIVERS\ttusb2bda.sys
"TTUSB2TS USB 2.0 Driver" (TTUSB2TS) - "TechnoTrend AG" - C:\WINDOWS\System32\Drivers\ttusb2ts.sys
"VClone" (VClone) - "Elaborate Bytes AG" - C:\WINDOWS\System32\DRIVERS\VClone.sys
"VMware Bridge Protocol" (VMnetBridge) - "VMware, Inc." - C:\WINDOWS\System32\DRIVERS\vmnetbridge.sys
"VMware hcmon" (hcmon) - "VMware, Inc." - C:\WINDOWS\system32\drivers\hcmon.sys
"VMware kbd" (vmkbd) - "VMware, Inc." - C:\WINDOWS\system32\drivers\VMkbd.sys
"VMware Network Application Interface" (VMnetuserif) - "VMware, Inc." - C:\WINDOWS\system32\drivers\vmnetuserif.sys
"VMware vmci" (vmci) - "VMware, Inc." - C:\WINDOWS\system32\Drivers\vmci.sys
"VMware vmx86" (vmx86) - "VMware, Inc." - C:\WINDOWS\system32\Drivers\vmx86.sys
"Vstor2 WS60 Virtual Storage Driver" (vstor2-ws60) - "VMware, Inc." - C:\Programme\VMware\VMware Player\vstor2-ws60.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WIDCOMM USB Bluetooth Driver" (BTWUSB) - ? - C:\WINDOWS\System32\Drivers\btwusb.sys  (File not found)
"WinDriver6" (WinDriver6) - "Jungo" - C:\WINDOWS\System32\drivers\windrvr6.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{00020000-0000-1011-8004-0000C06B5161} "WIBU-SYSTEMS Shell Extension" - "WIBU-SYSTEMS AG" - C:\Programme\WIBU-SYSTEMS\System\WibuShellExt.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\WINDOWS\system32\skype4com.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{34F4B935-17DC-4885-8BC9-CCD1ADF42F93} "CISORecorderContextMenu Object" - "Alex Feinman" - C:\Programme\Alex Feinman\ISO Recorder\ISORecorder.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu" - ? - C:\Programme\IZArc\IZArcCM.dll  (File found, but it contains no detailed information)
{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} "IZArc Shell Context Menu" - ? - C:\Programme\IZArc\IZArcCM.dll  (File found, but it contains no detailed information)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{49BF5420-FA7F-11cf-8011-00A0C90A8F78} "Mobiles Gerät" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Wcesview.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{FAE0A3E0-3010-41BA-9DDC-A631394F047F} "SteganosShellExtension" - ? - C:\Programme\Steganos Safe Lite\ShellExtension.dll  (File found, but it contains no detailed information)
{30351346-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{30351347-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{30351348-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{3035134A-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{3035134B-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{3035134C-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{3035134D-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{3035134E-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{3035134F-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{30351350-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{C5994560-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{C5994561-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{C5994562-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{C5994563-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{C5994564-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{C5994565-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{C5994566-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{C5994567-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{C5994568-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Programme\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{00020000-0000-1011-8004-0000C06B5161} "WIBU-SYSTEMS Shell Extension" - "WIBU-SYSTEMS AG" - C:\Programme\WIBU-SYSTEMS\System\WibuShellExt.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{9999A076-A9E2-4C99-8A2B-632FC9429223} "Bonjour" - "Apple Inc." - C:\Programme\Bonjour\ExplorerPlugin.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\INetRepl.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Create Mobile Favorite" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\INetRepl.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{AD6E6555-FB2C-47D4-8339-3E2965509877} "TerraTec Home Cinema" - "TerraTec Electronic GmbH" - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{000A0000-0000-1011-8005-0000C06B5161} "CodeMeter Password Manager Internet Explorer AddOn" - "WIBU-SYSTEMS AG" - C:\Programme\CodeMeter\PwdManager\PMgrBHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"CodeMeter Control Center.lnk" - "WIBU-SYSTEMS AG" - C:\Programme\CodeMeter\Runtime\bin\CodeMeterCC.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OSA.EXE  (Shortcut exists | File exists)
"AutoStart IR.lnk" - "Hauppauge Computer Works" - C:\Programme\WinTV\Ir.exe  (Shortcut exists | File exists)
"Verknüpfung mit Laufwerkanlegen.lnk" - ? - C:\Laufwerkanlegen.cmd  (Shortcut exists | File exists)
"WISO Mein Sparbuch heute.lnk" - "R&S EDV-Beratung, Hannover" - C:\Programme\WISO\Sparbuch 2010\meinsparbuchheute.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\j***\Startmenü\Programme\Autostart\desktop.ini
"Verknüpfung mit Magic.lnk" - ? - C:\Programme\Magic\Magic.exe  (Shortcut exists | File exists)
"Verknüpfung mit miranda32.lnk" - " " - C:\Programme\Miranda IM\miranda32.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"LaCie Ethernet Agent Startup" - "LaCie SA" - C:\Programme\LaCie\Network Assistant\LaCie Network Assistant.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"36X Raid Configurer" - "JMicron Technology Corp." - C:\WINDOWS\system32\JMRaidSetup.exe boot
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"BtTray" - ? - "C:\Programme\IVT Corporation\BlueSoleil\BtTray.exe"
"CanonMyPrinter" - "CANON INC." - C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon
"JMB36X IDE Setup" - ? - C:\WINDOWS\JM\JMInsIDE.exe  (File found, but it contains no detailed information)
"LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Programme\Logitech\Logitech WebCam Software\LWS.exe" /hide
"Name of App" - " " - C:\Programme\SAMSUNG\FW LiveUpdate\FWManager.exe r
"NeroFilterCheck" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nwiz.exe /installquiet
"openvpn-gui" - ? - C:\Programme\OpenVPN\bin\openvpn-gui.exe  (File found, but it contains no detailed information)
"OpwareSE4" - "ScanSoft, Inc." - "C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
"SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"VMware hqtray" - "VMware, Inc." - "C:\Programme\VMware\VMware Player\hqtray.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"BlueSoleil Print Port" - "IVT Corporation." - C:\WINDOWS\system32\BsMonSvr.dll
"Canon BJ Language Monitor i560" - "CANON INC." - C:\WINDOWS\system32\CNMLM58.DLL
"PDFCreator" - "internet-support foehr.com" - C:\WINDOWS\system32\pdfcmnnt.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Apache2.2" (Apache2.2) - "Apache Software Foundation" - C:\xampp\apache\bin\apache.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"BlueSoleilCS" (BlueSoleilCS) - ? - C:\Programme\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"BsHelpCS" (BsHelpCS) - ? - C:\Programme\IVT Corporation\BlueSoleil\BsHelpCS.exe
"Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - C:\Programme\Canon\CAL\CALMAIN.exe
"CodeMeter Runtime Server" (CodeMeter.exe) - "WIBU-SYSTEMS AG" - C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe
"FileZilla Server FTP server" (FileZilla Server) - "FileZilla Project" - C:\Programme\FileZilla Server\FileZilla Server.exe
"Imapi Helper" (Imapi Helper) - "Alex Feinman" - C:\Programme\Alex Feinman\ISO Recorder\ImapiHelper.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
"mysql" (mysql) - ? - C:\xampp\mysql\bin\mysqld-nt.exe  (File found, but it contains no detailed information)
"NBService" (NBService) - "Nero AG" - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
"NMSAccess" (NMSAccess) - ? - C:\Programme\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"nTune Service" (nTuneService) - "NVIDIA" - C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
"NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"OpenVPN Service" (OpenVPNService) - ? - C:\Programme\OpenVPN\bin\openvpnserv.exe  (File found, but it contains no detailed information)
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
"VMware Agent Service" (ufad-ws60) - "VMware, Inc." - C:\Programme\VMware\VMware Player\vmware-ufad.exe
"VMware Authorization Service" (VMAuthdService) - "VMware, Inc." - C:\Programme\VMware\VMware Player\vmware-authd.exe
"VMware DHCP Service" (VMnetDHCP) - "VMware, Inc." - C:\WINDOWS\system32\vmnetdhcp.exe
"VMware NAT Service" (VMware NAT Service) - "VMware, Inc." - C:\WINDOWS\system32\vmnat.exe
"VMware USB Arbitration Service" (VMUSBArbService) - "VMware, Inc." - C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"VMCI sockets DGRAM" - "VMware, Inc." - C:\Programme\VMware\VMware Player\vsocklib.dll
"VMCI sockets STREAM" - "VMware, Inc." - C:\Programme\VMware\VMware Player\vsocklib.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

 
